{ pkgs, lib, config, ... }:
{
  imports = [
    ./avahi.nix
  ];
  services.printing = {
    enable = true;
    drivers = [
      pkgs.canon-cups-ufr2
      pkgs.cups-filters
      pkgs.gutenprint
      pkgs.hplip
    ];
  };
  hardware.sane.enable = true;
  hardware.sane.extraBackends = [
    pkgs.hplipWithPlugin
    pkgs.sane-airscan
  ];
  services.colord.enable = true;
  # ExplanationNote: cups-browsed only supports avahi, not systemd-resolved
  services.avahi.enable = lib.mkDefault true;
  services.resolved.extraConfig = ''
    MulticastDNS=false
  '';
  networking.nftables.ruleset = ''
    table inet filter {
      chain output-lan {
        tcp dport { ipp, ipps } counter accept comment "printing: IPP"
        tcp dport sane-port counter accept comment "sane-net: control port"
        tcp dport {40000 - 40100} counter accept comment "saned: data ports"
      }
    }
  '' + lib.optionalString config.hardware.sane.openFirewall ''
    table inet filter {
      chain input-lan {
        udp canon-bjnp2 counter accept comment "sane: discovery of scanners on the local network"
      }
    }
  '';
}